CISSP Practice Domain 8 — Software Development Security Q115 of 120

Which DevSecOps practice integrates security checks directly into the CI/CD pipeline?

A CISSP practice question covering Domain 8: Software Development Security. Try answering before reading the explanation below.

A. Annual pen tests only
B. Shift-left security (SAST/DAST/SCA gates in CI/CD) ✓ Correct answer
C. Production-only testing
D. Manual code review at release

Why "Shift-left security (SAST/DAST/SCA gates in CI/CD)" is the right answer

Shift-left embeds SAST, DAST, SCA, and IaC scans in build and merge pipelines so issues are caught and fixed quickly by the original author. Annual-only and release-only testing miss too much.
